As the world becomes increasingly digital, and digitally connected, cyber security continues to grow in importance. In today's world, cyber security is unfortunately asymmetric—and it favors the attacker. One fundamental aspect of the asymmetry today is the inherent “break once, run many” nature of contemporary systems.
Consider an operating system such as Windows 10™, produced by the Microsoft Corporation of Redmond, Wash. Copies of Windows 10 are readily available, affording anyone who may so desire an opportunity to study it in order to find exploitable security flaws. Typically, a flaw in one copy of Windows will exist in all copies of Windows (at least that version of Windows). Thus, once found, a single vulnerability could potentially be exploited on hundreds of millions of computers.
This ‘break once, run many’ nature makes the economics of cyber-attacks significantly favor the attacker. The effort applied to find and develop and exploit can be leveraged across a large number of targets. To make a cyber-attack worthwhile, the only remaining question is the value of the targeted data.
Fortunately for the attacker, an increasing amount of data is extremely valuable, from financial information on companies and individuals to health care records to engineering designs and other intellectual property. For example, in January 2015, insurance provider Anthem Blue Cross was the subject of a cyber-attack resulting in a data leak of records on eighty million people. Many companies and organizations are consequently investing a tremendous amount of time, energy, and resources to try to protect their IT systems and the data they contain.